Keys can be used in a computerized system for various reasons. One example is the encryption, by means of a key, of data communicated and/or stored in a computerized system. An encryption key can be seen as a piece of information that determines the functional output of a cryptographic algorithm or function, the key specifying the particular transformation between plain text and encrypted text. Without knowledge of the key the algorithm cannot produce any useful result. In addition to cryptography, other uses of keys are possible. These include authentication and authorisation functions, digital signatures and so on. In general, keys are provided to enhance security, and hence are often called security keys. A particular example of key usage is the Public Key Infrastructure (PKI). The PKI is based on pairing of private and public keys stored at appropriate locations, where public keys can be associated with respective user identities by means of a Certificate Authority (CA).
In certain scenarios a key may be present in more than one entity or location. Thus information about the key may be shared by several hosts or other users. This is one example of shared keys. For example, such sharing of keys can occur in Network File Systems (NFS) or similar systems where a number of home directory files traditionally stored in host devices are stored in a common location. A shared key may also result from copying a key to several hosts.
Sharing of keys may take place by accident, may go unnoticed, or may be forgotten as time goes by. Hidden shared keys can pose a security risk, and/or can cause some unexpected operation or vulnerability in the system and/or for the user thereof. For example, a key management operation on a shared key may have unexpected consequences. The consequences and/or the severity thereof are not necessarily immediately, if at all, known to the party commanding the key management operation. Users and administrators of the system may not even be aware of shared keys, and hence of the effects a key management operation on a shared key may have on operation of the system and/or individual entities and/or security. The number of entities sharing a key or otherwise impacted by an action on a shared key can be considerable. In large computerized systems the number of such entities can be on the order of tens of thousands.
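The following sketch is an added illustration, not part of the original text, of how hidden shared keys can be surfaced before a key management operation is commanded: keys collected from several hosts are fingerprinted and grouped, so that every entity holding the same key is listed. It assumes keys are inventoried as OpenSSH authorized_keys lines; the host names, accounts and key blobs are constructed dummy values, and the function names are hypothetical.

```python
import base64
import hashlib
from collections import defaultdict

def _blob(seed: bytes) -> str:
    # Constructed dummy key material; only equality between blobs matters here.
    return base64.b64encode(seed * 8).decode()

# Constructed inventory: (host, account, authorized_keys line).
INVENTORY = [
    ("host-a", "alice", f"ssh-ed25519 {_blob(b'K1')} alice@laptop"),
    ("host-b", "alice", f'from="10.0.0.0/8" ssh-ed25519 {_blob(b"K1")} copied'),
    ("host-c", "backup", f"ssh-ed25519 {_blob(b'K1')}"),
    ("host-a", "bob", f"ssh-rsa {_blob(b'K2')} bob@desk"),
    ("host-c", "carol", "# comment line, ignored"),
]

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")

def fingerprint(line: str):
    """Return a SHA256 fingerprint of the key blob in the line, or None."""
    tokens = line.split()
    # Leading options and trailing comments vary per copy of a key, so the
    # fingerprint is computed over the decoded key blob only.
    for i, tok in enumerate(tokens[:-1]):
        if tok in KEY_TYPES:
            try:
                blob = base64.b64decode(tokens[i + 1], validate=True)
            except ValueError:
                return None  # malformed blob: not counted as a key
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None

def shared_keys(inventory):
    """Map fingerprint -> sorted (host, account) list for keys on >1 host."""
    seen = defaultdict(set)
    for host, account, line in inventory:
        fp = fingerprint(line)
        if fp:
            seen[fp].add((host, account))
    return {fp: sorted(locs) for fp, locs in seen.items()
            if len({h for h, _ in locs}) > 1}

if __name__ == "__main__":
    for fp, locs in shared_keys(INVENTORY).items():
        print(fp, "is shared by", locs)
```

The list returned for a fingerprint is the set of entities that an operation on that key, such as removal or rotation, would affect.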
It is noted that the above-discussed issues are not limited to any particular system or data processing apparatus but may occur in any system where shared keys may exist.
Embodiments of the invention aim to address one or several of the above issues.